Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750906AbWJDTep (ORCPT ); Wed, 4 Oct 2006 15:34:45 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750909AbWJDTep (ORCPT ); Wed, 4 Oct 2006 15:34:45 -0400 Received: from mail.aknet.ru ([82.179.72.26]:55054 "EHLO mail.aknet.ru") by vger.kernel.org with ESMTP id S1750905AbWJDTeo (ORCPT ); Wed, 4 Oct 2006 15:34:44 -0400 Message-ID: <45240D4E.7090500@aknet.ru> Date: Wed, 04 Oct 2006 23:36:46 +0400 From: Stas Sergeev User-Agent: Thunderbird 1.5.0.7 (X11/20060913) MIME-Version: 1.0 To: Arjan van de Ven Cc: Ulrich Drepper , Linux kernel , Alan Cox , Hugh Dickins , Valdis.Kletnieks@vt.edu Subject: Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps References: <45150CD7.4010708@aknet.ru> <451555CB.5010006@aknet.ru> <1159037913.24572.62.camel@localhost.localdomain> <45162BE5.2020100@aknet.ru> <1159106032.11049.12.camel@localhost.localdomain> <45169C0C.5010001@aknet.ru> <4516A8E3.4020100@redhat.com> <4516B2C8.4050202@aknet.ru> <4516B721.5070801@redhat.com> <45198395.4050008@aknet.ru> <1159396436.3086.51.camel@laptopd505.fenrus.org> <451E3C0C.10105@aknet.ru> <1159887682.2891.537.camel@laptopd505.fenrus.org> <45229A99.6060703@aknet.ru> <45229C8E.6080503@redhat.com> <4522A691.7070700@aknet.ru> <4522B7CD.4040206@redhat.com> <4522BCBF.2050508@aknet.ru> <1159905265.2891.551.camel@laptopd505.fenrus.org> In-Reply-To: <1159905265.2891.551.camel@laptopd505.fenrus.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 916 Lines: 23 Hi. Arjan van de Ven wrote: > and chmod o-x bash .... > at which point.. game over. > (and yes you can do in bash pretty much what you can do in perl. heck > you can prove that.. shell is turning complete ;) Can I do a syscalls from a bash script? But in any case, I am not going to suggest any solution against a script-loader - the mmap change doesn't prevent that too. Instead I'd like to evaluate a few ideas about an ld.so problem. One of which is to _enforce_ the "noexec", just as you asked for. :) Please have a look at this patch: http://uwsg.ucs.indiana.edu/hypermail/linux/kernel/0610.0/1402.html The primary goal is to make access() to respect the "noexec". - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/